Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness

10/13/2021
by   Xiao Yang, et al.
0

The vulnerability of deep neural networks to adversarial examples has motivated an increasing number of defense strategies for promoting model robustness. However, the progress is usually hampered by insufficient robustness evaluations. As the de facto standard to evaluate adversarial robustness, adversarial attacks typically solve an optimization problem of crafting adversarial examples with an iterative process. In this work, we propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically. Our method learns the optimizer in adversarial attacks parameterized by a recurrent neural network, which is trained over a class of data samples and defenses to produce effective update directions during adversarial example generation. Furthermore, we develop a model-agnostic training algorithm to improve the generalization ability of the learned optimizer when attacking unseen defenses. Our approach can be flexibly incorporated with various attacks and consistently improves the performance with little extra computational cost. Extensive experiments demonstrate the effectiveness of the learned attacks by MAMA compared to the state-of-the-art attacks on different defenses, leading to a more reliable evaluation of adversarial robustness.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
04/26/2020

Harnessing adversarial examples with a surprisingly simple defense

I introduce a very simple method to defend against adversarial examples....
research
06/28/2022

Increasing Confidence in Adversarial Robustness Evaluations

Hundreds of defenses have been proposed to make deep neural networks rob...
research
02/23/2021

Automated Discovery of Adaptive Attacks on Adversarial Defenses

Reliable evaluation of adversarial defenses is a challenging task, curre...
research
08/25/2021

Backdoor Attacks on Network Certification via Data Poisoning

Certifiers for neural networks have made great progress towards provable...
research
10/05/2021

Adversarial defenses via a mixture of generators

In spite of the enormous success of neural networks, adversarial example...
research
03/10/2020

SAD: Saliency-based Defenses Against Adversarial Examples

With the rise in popularity of machine and deep learning models, there i...

Please sign up or login with your details

Forgot password? Click here to reset